What we're about

OWASP (https://www.owasp.org/) is perhaps the largest professional organization dealing with the security of web applications and application development, reportedly with 45K participants and supporters*. It is a networked organization headquartered in the US, with one or a few chapters in every country. The other dimension of OWASP is its projects: anyone can start a project** if it is of adequate professional quality. The best-known project is the Top 10 (https://github.com/OWASP/Top10/tree/master/2017); what you need to know about it is that it is an educational resource, although unfortunately many treat it as a sacred standard. The application security standard is set by the ASVS (https://github.com/OWASP/ASVS) project, which is finally a common denominator between security testers (formerly known as hackers), developers and application designers. And there are plenty of other projects:
https://github.com/OWASP

* Worldwide, 20K members in the OWASP meetup groups ( https://www.meetup.com/pro/owasp )

** https://www.owasp.org/index.php/Category:OWASP_Project#tab=Starting_a_New_Project

Upcoming events (1)

Security test automation, vulnerability management, OWASP SKF @ Green Fox [en]

### In short:

We can see the latest trend in integrating security tooling into CI/CD pipelines. However, security tooling integrated into your security pipelines will not cover the whole attack surface. This is because the tooling can never understand the full context of the application's functions and logic. On the other hand, resources in the form of manual verification can often be scarce and expensive. Where do we find the right balance between security test automation and manual verification? Even more importantly, how do we train the developers to understand the metrics and make security part of their process and culture?

Duration: 90' lecture/workshop + QA + chat, 1 break

Language: EN

### More about the workshop:

This workshop teaches how to set up a proper CI-environment-agnostic security test automation approach. It also teaches how to make your solution scalable at an enterprise level and how to set up a vulnerability management system to do your false positive suppression and delta reporting, so that you can iterate faster over the metrics generated by your security tooling. It will also deep dive into the OWASP SKF (Security Knowledge Framework) and how to use this framework to help set up the right security requirements for your projects and train your developers in writing secure code!

### About the trainers:

Glenn: As a coder, hacker, speaker, trainer and security chapter leader employed at ING Belgium, Glenn has over 15 years of experience in the field of security. He is one of the founders of defensive development [defdeveu], the European security trainings project dedicated to helping you build and maintain secure software. He is also a speaker at multiple security conferences around the world.

Riccardo: As a penetration tester from the Netherlands, Riccardo ten Cate specializes in application security and has extensive knowledge in securing applications in multiple coding languages. Riccardo has many years of experience in training and guiding development teams to become more mature and make their applications secure by design.

### The kitchen:

Pizza by Green Fox Academy

### Special thanks:

OWASP SKF project, defdev.eu

### Links:

https://www.linkedin.com/groups/4692397/
https://www.facebook.com/owasp.hu

Portraits by Balinth.com, design by Zoltán Fekete